        /// <summary>
        /// Serialising an <see cref="EntityDescriptor"/> whose IdP role carries a key descriptor
        /// must emit the certificate under md:KeyDescriptor/ds:KeyInfo/ds:X509Data/ds:X509Certificate.
        /// </summary>
        public void MetadatabaseExtensions_ToXmlString_IncludesKeyInfo()
        {
            var entityDescriptor = new EntityDescriptor
            {
                EntityId      = new EntityId("http://idp.example.com/metadata"),
                CacheDuration = new XsdDuration(hours: 1)
            };

            var idpDescriptor = new IdpSsoDescriptor();
            idpDescriptor.ProtocolsSupported.Add(new Uri("urn:oasis:names:tc:SAML:2.0:protocol"));
            entityDescriptor.RoleDescriptors.Add(idpDescriptor);

            idpDescriptor.SingleSignOnServices.Add(new SingleSignOnService
            {
                Binding  = Saml2Binding.HttpRedirectUri,
                Location = new Uri("http://idp.example.com/sso")
            });
            idpDescriptor.Keys.Add(SignedXmlHelper.TestKeyDescriptor);

            // First argument is null here — presumably "no signing certificate"; confirm against ToXmlString's signature.
            var xml = entityDescriptor.ToXmlString(null, "");
            var document = XDocument.Parse(xml);

            var md = Saml2Namespaces.Saml2Metadata;
            var ds = XNamespace.Get(SignedXml.XmlDsigNamespaceUrl);

            var certificateText = document
                .Element(md + "EntityDescriptor")
                .Element(md + "IDPSSODescriptor")
                .Element(md + "KeyDescriptor")
                .Element(ds + "KeyInfo")
                .Element(ds + "X509Data")
                .Element(ds + "X509Certificate")
                .Value;

            certificateText.Should().StartWith("MIIDIzCCAg+gAwIBAgIQg7mOjTf994NAVxZu4jqXpzAJBgUrDgM");
        }
        /// <summary>
        /// An <see cref="IdentityProvider"/> built from an EntityId with metadata loading disabled
        /// must not attempt to fetch metadata. The EntityId used here is not a valid URL, so any
        /// attempt to treat it as a metadata address would throw.
        /// </summary>
        public void IdentityProvider_ConstructedFromEntityDescriptor_DoesntReloadMetadataWhenDisabled()
        {
            // validUntil is a year in the past — presumably a reload trigger if loading were enabled.
            var entityDescriptor = new EntityDescriptor
            {
                ValidUntil = DateTime.UtcNow.AddYears(-1),
                EntityId   = new EntityId("someEntityId")
            };

            var idpDescriptor = new IdpSsoDescriptor();
            idpDescriptor.ProtocolsSupported.Add(new Uri("urn:oasis:names:tc:SAML:2.0:protocol"));
            entityDescriptor.RoleDescriptors.Add(idpDescriptor);

            idpDescriptor.SingleSignOnServices.Add(new SingleSignOnService()
            {
                Binding  = Saml2Binding.HttpRedirectUri,
                Location = new Uri("http://idp.example.com/sso")
            });
            idpDescriptor.Keys.Add(SignedXmlHelper.TestKeyDescriptor);

            var subject = new IdentityProvider(entityDescriptor.EntityId, StubFactory.CreateSPOptions());

            subject.LoadMetadata.Should().BeFalse();

            // Will throw invalid Uri if it tries to use EntityId as metadata url.
            Action readBinding = () =>
            {
                var unused = subject.Binding;
            };
            readBinding.Should().NotThrow();
        }
ファイル: Program.cs プロジェクト: eByte23/SAML.Tools
        /// <summary>
        /// Summarises what an IDPSSODescriptor advertises: whether any single-logout endpoint is
        /// published, the NameID formats it lists, and its signing details (derived from the
        /// metadata signature, then extended with the key descriptors).
        /// </summary>
        /// <param name="idp">The IdP role descriptor read from the metadata.</param>
        /// <returns>A populated <see cref="SSODescriptorSuggestions"/>.</returns>
        private static SSODescriptorSuggestions GetIdpSuggestions(IdpSsoDescriptor idp)
        {
            return new SSODescriptorSuggestions
            {
                SupportsSingleLogout           = idp.SingleLogoutService.Any(),
                PossiblySupportedNameIdFormats = idp.NameIdFormat,
                SigningDetails                 = GetKeyDescriptorAsWell(idp, GetSigningInfo(idp.Signature))
            };
        }
ファイル: MetadataModel.cs プロジェクト: yangboyd/Saml2
        /// <summary>
        /// Builds the stub IdP's own <see cref="EntityDescriptor"/>: an IDPSSODescriptor with
        /// single sign-on endpoints over the HTTP-Redirect and HTTP-POST bindings, a default
        /// SOAP artifact resolution endpoint, single logout endpoints over the same two bindings,
        /// and the stub's signing key.
        /// </summary>
        /// <param name="includeCacheDuration">
        /// When true, also sets a 15-minute cacheDuration and a validUntil one day from now (UTC).
        /// </param>
        /// <returns>The entity descriptor, ready to be serialised as metadata.</returns>
        public static EntityDescriptor CreateIdpMetadata(bool includeCacheDuration = true)
        {
            var metadata = new EntityDescriptor
            {
                EntityId = new Metadata.EntityId(UrlResolver.MetadataUrl.ToString())
            };

            if (includeCacheDuration)
            {
                metadata.CacheDuration = new XsdDuration(minutes: 15);
                metadata.ValidUntil    = DateTime.UtcNow.AddDays(1);
            }

            var idp = new IdpSsoDescriptor();
            idp.ProtocolsSupported.Add(new Uri("urn:oasis:names:tc:SAML:2.0:protocol"));
            metadata.RoleDescriptors.Add(idp);

            // Both SSO and SLO are published on the same location over these two bindings.
            var bindings = new[] { Saml2Binding.HttpRedirectUri, Saml2Binding.HttpPostUri };

            foreach (var binding in bindings)
            {
                idp.SingleSignOnServices.Add(new SingleSignOnService
                {
                    Binding  = binding,
                    Location = UrlResolver.SsoServiceUrl
                });
            }

            // Artifact resolution over SOAP; index 0 is marked as the default endpoint.
            idp.ArtifactResolutionServices.Add(0, new ArtifactResolutionService
            {
                Index     = 0,
                IsDefault = true,
                Binding   = Saml2Binding.SoapUri,
                Location  = UrlResolver.ArtifactServiceUrl
            });

            foreach (var binding in bindings)
            {
                idp.SingleLogoutServices.Add(new SingleLogoutService
                {
                    Binding  = binding,
                    Location = UrlResolver.LogoutServiceUrl
                });
            }

            idp.Keys.Add(CertificateHelper.SigningKey);

            return metadata;
        }
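        /// <summary>
        /// A cacheDuration set on an <see cref="EntitiesDescriptor"/> must be written on the
        /// EntitiesDescriptor element itself (here "PT42M") and not repeated on the child
        /// EntityDescriptor element.
        /// </summary>
        public void ExtendedMetadataSerializer_Write_EntitiesDescriptorCacheDuration()
        {
            var federation = new EntitiesDescriptor
            {
                Name          = "Federation Name",
                CacheDuration = new XsdDuration(minutes: 42)
            };

            var entity = new EntityDescriptor
            {
                EntityId = new EntityId("http://some.entity.example.com")
            };

            var idpDescriptor = new IdpSsoDescriptor();
            idpDescriptor.ProtocolsSupported.Add(new Uri("urn:oasis:names:tc:SAML:2.0:protocol"));
            idpDescriptor.SingleSignOnServices.Add(new SingleSignOnService
            {
                Binding  = Saml2Binding.HttpRedirectUri,
                Location = new Uri("http://some.entity.example.com/sso")
            });
            entity.RoleDescriptors.Add(idpDescriptor);

            federation.ChildEntities.Add(entity);

            // The stream is only needed until the document has been loaded; dispose it right after.
            XElement result;
            using (var stream = new MemoryStream())
            {
                ExtendedMetadataSerializer.ReaderInstance.WriteMetadata(stream, federation);
                stream.Seek(0, SeekOrigin.Begin);
                result = XDocument.Load(stream).Root;
            }

            var md = Saml2Namespaces.Saml2Metadata;

            result.Name.Should().Be(md + "EntitiesDescriptor");
            result.Attribute("cacheDuration").Value.Should().Be("PT42M");

            // The child entity must not carry a copy of the parent's cacheDuration.
            result.Element(md + "EntityDescriptor").Attribute("cacheDuration")
                .Should().BeNull();
        }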
        /// <summary>
        /// Feeding an <see cref="EntityDescriptor"/> to an IdentityProvider via ReadMetadata must not
        /// schedule a metadata refresh, even though the descriptor's validUntil is already in the past.
        /// </summary>
        public void IdentityProvider_ConstructedFromEntityDescriptor_DoesntScheduleMedataRefresh()
        {
            // Lower the scheduler floor to 1 ms — presumably so that a wrongly scheduled refresh
            // would fire within the wait below rather than after the test has finished.
            MetadataRefreshScheduler.minInterval = TimeSpan.FromMilliseconds(1);

            var entityDescriptor = new EntityDescriptor
            {
                ValidUntil = DateTime.UtcNow.AddYears(-1),
                EntityId   = new EntityId("http://localhost:13428/idpMetadata")
            };

            var idpDescriptor = new IdpSsoDescriptor();
            idpDescriptor.ProtocolsSupported.Add(new Uri("urn:oasis:names:tc:SAML:2.0:protocol"));
            entityDescriptor.RoleDescriptors.Add(idpDescriptor);

            var ssoService = new SingleSignOnService()
            {
                Binding  = Saml2Binding.HttpRedirectUri,
                Location = new Uri("http://idp.example.com/sso")
            };
            idpDescriptor.SingleSignOnServices.Add(ssoService);
            idpDescriptor.Keys.Add(SignedXmlHelper.TestKeyDescriptor);

            var subject = new IdentityProvider(entityDescriptor.EntityId, StubFactory.CreateSPOptions());
            subject.ReadMetadata(entityDescriptor);

            // Ugly, but have to wait and see that nothing happened. Have tried
            // some different timeouts but need 100 to ensure fail before bug
            // is fixed :-(
            Thread.Sleep(100);

            // Would be changed if metadata was reloaded.
            subject.SingleSignOnServiceUrl.Should().Be(ssoService.Location);
        }